Secure public surfing with home proxy

Discussion in 'macOS' started by Ross Henderson, Apr 22, 2006.

  1. Ross Henderson macrumors member

    Ross Henderson

    Joined:
    Apr 6, 2006
    #1
    Hi everyone. I use may laptop (10.4.6) on public wireless networks and I'm interested in using an ssh tunnel to encrypt all my traffic. (not just HTTP), so not to let any information be seen by packet sniffers. It would be best if I could send every network request I make to my desktop (10.3.9) at home encrypted and use it as a proxy server. What services would I need to enable or install on my home machine to acheive this? It would be best if they were command line based as they would be easier to maintain when I'm away.

    Any ideas?
     
  2. mkrishnan Moderator emeritus

    mkrishnan

    Joined:
    Jan 9, 2004
    Location:
    Grand Rapids, MI, USA
    #2
    Can I ask the first, obvious, maybe silly question? Do you have a static IP address at home?

    I know that OS X Server (both Panther and Tiger, I believe) have software built-in to create a VPN. I'm not sure if it's possible without OS X Server out of the box, though. But you might be able to use something like this:

    http://openvpn.net/

    There are free solutions like this, too, that may or may not work using OS X on the server end:

    http://www.summersault.com/communit...ting-a-vpn-for-free-with-mpd-and-freebsd.html
     
  3. Ross Henderson thread starter macrumors member

    Ross Henderson

    Joined:
    Apr 6, 2006
    #3
    I do have static IP addresses, both LAN and external. I will be able to forward any nessesary ports to the desktop if needed as it behind a NAT router. I was looking into VPN but I was unaware there were open source alternatives as I was under the impression I needed to pay for hardware. I can presumably configure VPN using internet connect on my laptop once this software is installed on my desktop. Am I correct?
     
  4. jhu macrumors 6502a

    jhu

    Joined:
    Apr 4, 2004
    #4
    if all you're doing is browsing the internet, you can

    0) edit your /etc/ssh/sshd_config file by changing the "X11Forwarding no" to "X11Forwarding yes"
    1) ssh into your home computer with `ssh -X *ip address of home computer*`
    2) start up firefox or mozilla from your home computer

    for that to work, you need to install fink or darwinports and then the install the X11 version of the web browser
     
  5. mkrishnan Moderator emeritus

    mkrishnan

    Joined:
    Jan 9, 2004
    Location:
    Grand Rapids, MI, USA
    #5
    It's been a long time since I've tried this, but... this wouldn't exactly be "snappy," would it? It would definitely work, though.
     
  6. Ross Henderson thread starter macrumors member

    Ross Henderson

    Joined:
    Apr 6, 2006
    #6
    Thats a good idea but I would rather not have the overhead bandwidth involved with X11, especially with the bottleneck of my upload speed at home. I have freex86 installed on the desktop but couldn't get and browser to compile on darwin. Also it would be nice to enable this with a quick change of Location in the apple menu. I might try it though if other routes become to complicated.
     
  7. Ross Henderson thread starter macrumors member

    Ross Henderson

    Joined:
    Apr 6, 2006
    #7
    I'm going to download and compile this and see whether it will suit my needs. Thanks for the link.
     
  8. mkrishnan Moderator emeritus

    mkrishnan

    Joined:
    Jan 9, 2004
    Location:
    Grand Rapids, MI, USA
    #8
    By the way, yes, if you created a VPN, then you would be acquiring a connection most likely through the internet connect wizard's VPN section.

    One more option for you to try, getting back to your original idea:

    http://homepage.mac.com/adg/SquidMan/index.html

    Squid is an open source proxy server application package. :)
     
  9. Ross Henderson thread starter macrumors member

    Ross Henderson

    Joined:
    Apr 6, 2006
    #9
    Oh wow. That's other option. I'll try OpenVPN first as it sounds like the most secure. It seems to compile ok, just one dependancy issue, which was a quick download. I'll post again once I get it working incase anyone else needs the same thing as me.
     
  10. Ross Henderson thread starter macrumors member

    Ross Henderson

    Joined:
    Apr 6, 2006
    #10
    If anybody wants to do what I did, heres some info. The dependancy I needed (on mac os x panther) was LZO and was found at http://www.oberhumer.com/opensource/lzo/.
    I also found a graphical user interface for OpenVNC at http://www.tunnelblick.net if anybody wants any easier way. OpenVPN is installed in /usr/local/sbin, which by default is not in your path. So has to be run as /usr/local/bin/openvpn instead of openvpn as in many tutorials I found, and I found a tun/tap driver which I needed at http://www-user.rhrk.uni-kl.de/~nissler/tuntap/. I hope this helps someone.
     
  11. trainguy77 macrumors 68040

    Joined:
    Nov 13, 2003

Share This Page